FEDORA-2021-a627cfd31e created by v02460 2 months ago for Fedora 34
stable

Update to v1.38.1


New upstream release 1.38.0, incorporating a number of important security fixes.

Upstream changelog: https://github.com/matrix-org/synapse/blob/v1.38.0/CHANGES.md

Upstream upgrade notes: https://matrix-org.github.io/synapse/develop/upgrade#upgrading-to-v1380

How to install

sudo dnf upgrade --advisory=FEDORA-2021-a627cfd31e

This update has been submitted for testing by v02460.

2 months ago

This update's test gating status has been changed to 'ignored'.

2 months ago

This update's test gating status has been changed to 'waiting'.

2 months ago

This update has obsoleted matrix-synapse-1.38.0-2.fc34, and has inherited its bugs and notes.

2 months ago

This update's test gating status has been changed to 'ignored'.

2 months ago

This update has been pushed to testing.

2 months ago
User Icon dcallagh provided feedback 2 months ago
karma

This update has been submitted for stable by bodhi.

2 months ago

This update has been pushed to stable.

2 months ago

Please login to add feedback.

Metadata
Type
security
Karma
1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
2 months ago
in testing
2 months ago
in stable
2 months ago
BZ#1910740 synapse.service can fail if it starts before postgresql is ready
0
0
BZ#1918426 matrix-synapse-1.38.0 is available
0
0
BZ#1934603 CVE-2021-21274 matrix-synapse: DoS via .well-known lookups [fedora-all]
0
0
BZ#1934606 CVE-2021-21273 matrix-synapse: open redirects on some federation and push requests [fedora-all]
0
0
BZ#1944136 CVE-2021-21332 matrix-synapse: password reset endpoint is vulnerable to XSS [fedora-all]
0
0
BZ#1944139 CVE-2021-21333 matrix-synapse: HTML injection in email and account expiry notifications [fedora-all]
0
0
BZ#1949110 CVE-2021-21393 matrix-synapse: Denial of service (via resource exhaustion) due to improper input validation on groups/communities endpoints [fedora-all]
0
0
BZ#1949112 CVE-2021-21392 matrix-synapse: IP blacklist bypass via transitional IPv6 addresses on dual-stack networks [fedora-all]
0
0
BZ#1958801 CVE-2021-21394 matrix-synapse: missing input validation may cause excessive use of disk space and memory [fedora-all]
0
0
BZ#1959542 CVE-2021-29471 matrix-synapse: Denial-of-service when processing moderate length events [fedora-all]
0
0

Automated Test Results